| View previous topic :: View next topic |
| Author |
Message |
mihaidobos
-
Joined: 10 May 2013
Posts: 3
|
 Posted: Fri May 10, 2013 9:50 am Post subject: StartSSL Private Key import failed |
 |
|
Hello,
I get an error when i try to import a SSL private key generated by StartSSL.
Error is "bad decrypt - PEM_do_header - 906a065"
Certificate key starts/ends with following headers. I removed sensitive information.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC, (//stripped down//)
//stripped down//
-----END RSA PRIVATE KEY-----
I am able to generate keys and add self-signed/3rd part signed certificates based on the generated keys and fully configure HTTPS use on Abyss.
However I want to import the private key to be used with a certificate that is trusted and not returns warnings in users's browsers.
Any ideas guys?
Thx,
./MD |
|
| Back to top |
  |
 |
admin
Site Admin
Joined: 03 Mar 2002
Posts: 1286
|
| Posted: Mon May 13, 2013 6:11 pm Post subject: Re: StartSSL Private Key import failed |
|
|
mihaidobos,
This private key is encrypted and requires that you enter a password each time the server loads it.
Encrypted private keys are not supported by Abyss Web Server as it has to be able to run unattended while such keys require user interaction to be usable.
It should be converted to an unencrypted form. Please contact out technical support by email for detailed instructions on how to do so.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
| Back to top |
|
|
mihaidobos
-
Joined: 10 May 2013
Posts: 3
|
| Posted: Mon May 13, 2013 8:29 pm Post subject: Re: StartSSL Private Key import failed |
|
|
Thanks for the tip, didn't realize the error refers to that.
I will do a search and try to do the operation myself, I don't want to abuse technical support's time as I am using the free version of the software.
Best regards
| admin wrote: | mihaidobos,
This private key is encrypted and requires that you enter a password each time the server loads it.
Encrypted private keys are not supported by Abyss Web Server as it has to be able to run unattended while such keys require user interaction to be usable.
It should be converted to an unencrypted form. Please contact out technical support by email for detailed instructions on how to do so. |
|
|
| Back to top |
|
|
admin
Site Admin
Joined: 03 Mar 2002
Posts: 1286
|
| Posted: Tue May 14, 2013 11:31 am Post subject: Re: StartSSL Private Key import failed |
|
|
| mihaidobos wrote: | | I don't want to abuse technical support's time as I am using the free version of the software. |
Your support request will be welcome. And our tech. support is free so why not using it? (abusers are those who send us 10 questions a day without even bothering reading what our replies.)
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
| Back to top |
|
|
mihaidobos
-
Joined: 10 May 2013
Posts: 3
|
| Posted: Wed May 15, 2013 11:04 am Post subject: Re: StartSSL Private Key import failed |
|
|
| admin wrote: | | mihaidobos wrote: | | I don't want to abuse technical support's time as I am using the free version of the software. |
Your support request will be welcome. And our tech. support is free so why not using it? (abusers are those who send us 10 questions a day without even bothering reading what our replies.) |
Thank you for your help - you guys do an excellent job, but got it fixed.
For anybody who hits the same problem, you need openssl and perform the decryption operation. Then import will work.
| Code: | openssl rsa –in enc.key -out dec.key
Enter pass phrase for enc.key: -> Enter passphrase
writing RSA key... |
Overall it's an easier process to generate a private key in Abyss and based on that key get a Certificate Signing Request (CSR). Based on this you get a certificate for which you already own the private key.
As a best practice, you should also export your private key (copy&paste) to a secure area, so you don't have to revoke your certificate if you loose your Abyss server installation. |
|
| Back to top |
|
|
|
@abyssws